Technology

37551 readers

586 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

Mathematician warns US spies may be weakening next-gen encryption (www.newscientist.com)

submitted 11 months ago by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 11 months ago (2 children)

So I wrote a long-ass rundown of this but it won't post for some reason (too long)? So TLDR: this is a 17,600-word nothingburger.

DJB is a brilliant, thorough and accomplished cryptographer. He has also spent the past 5 years burning his reputation to the ground, largely by exhaustively arguing for positions that correlate more with his ego than with the truth. Not just this position. It's been a whole thing.

DJB's accusation, that NSA is manipulating this process to promote a weaker outcome, is plausible. They might have! It's a worrisome possibility! The community must be on guard against it! But his argument that it actually happened is rambling, nitpicky and dishonest, and as far as I can tell the other experts in the community do not agree with it.

So yes, take NIST's recommendation for Kyber with a grain of salt. Use Kyber768 + X448 or whatever instead of just Kyber512. But also take DJB's accusations with a grain of salt.

[–] stifle867 1 points 11 months ago

It seems kinda weird to focus on ad hominem arguments rather than the facts of the matter.

Can you address the points made on his blog post (https://blog.cr.yp.to/20231003-countcorrectly.html)? Perhaps via your own blog post if a longer form is needed. Genuinely interested in the argument against because there's a lot going for it.

[–] [email protected] 1 points 11 months ago

Honestly at this point... I'd be surprised if they are seriously undermining encryption. NIST and NSA need encryption to work to protect the government itself ... they're to my knowledge not staffed by idiots, and a lot has changed since the 90s and early 2000s. Encryption is a core portion of security in 2023.